Title-1
Title-2
Title-2
Title-3
Title-4
Renzulli Learning
Data Security and Privacy Plan
This document outlines Renzulli Learning’s technical and operational measures to ensure the integrity, confidentiality, and availability of all user data, with a specific focus on compliance with student data privacy regulations.
1. Data Hosting and Infrastructure Security
Renzulli Learning operates under a shared responsibility model, utilizing the robust, highly-available infrastructure of a certified managed hosting provider.
- Hosting Partner: Our primary infrastructure and data hosting are managed by LightEdge, a managed hosting provider specializing in regulated industries.
- Certifications & Compliance: We leverage LightEdge’s rigorous security framework, which maintains certifications including ISO 22301:2019, ISO/IEC 20000-1:2018, and ISO/IEC 27001:2013. Our data security measures are compliant with standards such as HIPAA, HITECH, and PCI.
- Physical Security: The physical security of all servers and data centers is managed by LightEdge’s comprehensive protocols, including strict access controls, surveillance, and environmental protection.
- Enhanced Network Security: The LightEdge hosted solution includes enterprise-grade network protection. This ensures data is secured through Firewall Services and Intrusion Detection/Prevention Systems (IDS/IPS) that are monitored and managed 24/7. All network perimeters are managed and maintained by LightEdge security experts.
2. Information Security Principles and Controls
Our internal policies and external controls are designed around core security principles:
- Confidentiality: All student and school data is treated as confidential and is accessed only by authorized personnel for legitimate business purposes (least privilege access model).
- Integrity: We ensure the accuracy and completeness of data. All security-related changes, including firewall rules, must undergo a formal, tracked change management process (managed by the Technical Lead and implemented by LightEdge).
- Access Control: Access to Renzulli Learning systems is granted based on the necessity for the user’s role, with strong password policies enforced for all accounts.
3. Incident Response and Monitoring
Renzulli Learning maintains a formal, structured approach to managing potential security threats in collaboration with our hosting partner, including continuous, active monitoring of the infrastructure.
- 24/7/365 Monitoring & Management: LightEdge’s Managed Security Team provides constant intrusion monitoring, threat detection, and proactive management of network security devices (Firewalls, IDS/IPS) on the underlying infrastructure.
- Incident Activation: Upon detection (by LightEdge or Renzulli’s Technical Lead), the Incident Response Plan is immediately activated.
- Mitigation: The Technical Lead serves as the primary liaison with LightEdge, which executes the investigation, containment, and mitigation of all detected threats.
- Post-Incident Review: Every security event mandates a formal review to document the timeline, identify lessons learned, and update policies to prevent future occurrences.
4. Business Continuity and Disaster Recovery (BCP/DR)
To ensure the continuous availability and resilience of the Renzulli Learning platform, a comprehensive BCP and DR strategy is in place, leveraging a robust, highly-available hosted environment.
- High Availability & Service Availability: We rely on LightEdge’s certified infrastructure, which includes redundant systems for power, cooling, and network connectivity, ensuring a high degree of service availability and resilience against single points of failure.
- Data Backup and Recovery: LightEdge provides Managed Backup Services with defined retention periods. This guarantees that data can be restored effectively and rapidly in the event of failure or data corruption.
- Recovery Strategy: In the event of a catastrophic failure, LightEdge executes established disaster recovery procedures, including failover to redundant systems and data restoration from recent backups, designed to meet a strict Recovery Time Objective (RTO).
- Communication: Our plan includes clear internal and external communication protocols for rapid updates to stakeholders and clients, ensuring transparency regarding any service disruption and estimated time to recovery.
Start Your Free Trial Today!
Your free trial gives you Full Access to Renzulli Learning for 60 Days!